关联漏洞
标题:
polkit 缓冲区错误漏洞
(CVE-2021-4034)
描述:polkit是一个在类 Unix操作系统中控制系统范围权限的组件。通过定义和审核权限规则,实现不同优先级进程间的通讯。 polkit 的 pkexec application存在缓冲区错误漏洞,攻击者可利用该漏洞通过精心设计环境变量诱导pkexec执行任意代码。成功执行攻击后,如果目标计算机上没有权限的用户拥有管理权限,攻击可能会导致本地权限升级。
描述
This repository contains ZAARA's implementation of the exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. This tool demonstrates advanced exploitation techniques while maintaining operational security.
介绍
#
# PwnKit Exploit - CVE-2021-4034
**Local Privilege Escalation in polkit's pkexec**
## 🔥 THINK SMART. HACK SAFE. STAY HIDDEN.
## 📖 Overview
This repository contains my implementation of the exploit for **CVE-2021-4034** (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The vulnerability allows unprivileged users to gain root privileges on vulnerable Linux systems.
**Author**: **ZAARA** - Founder of **Team-Phazto**
## 🚨 Vulnerability Details
- **CVE ID**: CVE-2021-4034
- **CVSS Score**: 7.8 (High)
- **Affected Versions**: polkit from 2009 to January 2022
- **Vector**: Local Privilege Escalation
- **Component**: polkit's pkexec
## 🛠️ Installation
```bash
git clone https://github.com/zaaraZiof0/pwnkit-exploit-CVE.git
cd pwnkit-exploit-CVE
chmod +x zaara_pwnkit.py
```
## 🎯 Usage
### Basic Exploitation
```bash
python3 zaara_pwnkit.py
```
### Stealth Mode
```bash
python3 zaara_pwnkit.py --stealth
```
### Vulnerability Assessment
```bash
python3 zaara_pwnkit.py --recon
```
### Help Menu
```bash
python3 zaara_pwnkit.py --help
```
## 📁 Files
- `zaara_pwnkit.py` - Main exploit script
- `phazto_helper.c` - C version helper
- `team_phazto_detector.py` - Vulnerability detector
- `requirements.txt` - Python dependencies
## 🔍 Features
- ✅ **Stealth Operation** - Minimal footprint
- ✅ **Auto-detection** - System vulnerability assessment
- ✅ **Multiple Payloads** - Adaptive exploitation methods
- ✅ **Clean Execution** - Automated cleanup
- ✅ **Error Handling** - Robust operation
## 🧪 Compatibility
**Tested Environments**:
- Ubuntu 18.04/20.04/22.04
- CentOS 7/8
- Debian 10/11
- Kali Linux 2021+
**Requirements**:
- Python 3.6+
- GCC compiler
- Linux operating system
## 🛡️ Mitigation
### System Hardening
```bash
# Remove SUID bit temporarily
sudo chmod 0755 /usr/bin/pkexec
# Update polkit package
sudo apt update && sudo apt upgrade policykit-1
```
## ⚠️ Legal & Ethical Notice
**Authorized Use Only**:
- Penetration testing with written permission
- Security research and education
- Defensive security training
**⚠️ WARNING**: Unauthorized use of this tool is illegal. The author is not responsible for any misuse.
## 👥 Team-Phazto
**Founder**: ZAARA
**Mission**: Advanced cybersecurity research and ethical tradecraft development.
---
**ZAARA**
**THINK SMART. HACK SAFE. STAY HIDDEN.**
文件快照
[4.0K] /data/pocs/2a6f4a61677c19948f42825debd00bee8dcbb2a1
├── [1.1K] LICENCE
├── [2.8K] phazto_helper.c
├── [2.6K] README.md
├── [ 230] requirements.txt
├── [6.1K] team_phazto_detector.py
└── [9.4K] zaara_pwnkit.py
0 directories, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。